Secure Enclave

Working Within The Crypt

Sensitive actions are to be recommended to occur in the Secure Enclave to avoid exposure to the processors in the case that they may be compromised.

There is also a hierarchy of keys to achieve goals:
1. May require the user’s action for decryption (i.e. MFA to release user keys).
2. Protect the system from a brute-force attack directly against storage (and/or system, e.g. boot and firmware) media removed (or modified) from the machine.
3. Provide a swift and secure method for content and system management (authorized CRUDE) via trusted cryptographic systems.
4. Enable users to manage system secrets lifecycle and governance without requiring content and system modification, e.g. re-ciphering or re-signing of the volumes.